Ok I have looked and not found anything so far. I am trying to run a targeted MDK4 Deauthentication and Disassociation attack on only my SSID/MAC.

I can run Recon and locate my SSID/MAC and see my associated devices connected to it. I can then deauth each momentarily but they just connect back. I downloaded the MDK4 module and added the SSID/MAC to PineAP SSID Pool. I have PineAP Suite set to active. I then run an MDK4 Deauthentication and Disassociation attack targeting my SSID. However, when I run this attack it is hitting other MACs that are not the one I selected. I have checked my network settings and am using two radios that are not in use, WLAN0 for input and WLAN2 for output. I obviously have something messed up in this setup or the process I am using. What am I doing wrong?

I’m also curious how to work with the webend of mdk4 on the pineapple. Any links to videos? 
 

Running MDK4 from the console works fine but the keyboard on an iPad lacks CTRL-X, arrow keys and more so sucks a bit. Does anybody know how to add multiple MAC addresses in the whitelist? Are these comma separated?

Enable PineAP to get a monitor mode interface. Set the attack mode (using "d" here). Specify input and output interface. The "d" attack mode shouldn't really need two interfaces to be specified, but the module won't start mdk4 unless both are set, use wlan1mon for both. Using a blacklist = just make sure it's in the Mk7 file system somewhere and that it contains relevant MAC addresses for AP(s) to "attack". Add the path to the blacklist on the line in the module GUI. Specify channels to operate on. The Command line in the module GUI "grows" as parameters are set, for example a "full" line could look like: mdk4 wlan1mon wlan1mon d -b /root/mdk4_temp/blacklist.lst -c 1

Then hit "Start" and the "attack" should begin (the Output box at the bottom of the module page will update every 5 seconds). If running ps ax you can see that the mdk4 process has been started in the background.

Adding multiple MACs? Not sure, just try different variants. One on each line perhaps... or comma, or semicolon... The SSID list files on the MDK4 GitHub are specified with one SSID per line at least, so perhaps a hint on how to handle MACs as well.

8 hours ago, chrizree said:

Enable PineAP to get a monitor mode interface. Set the attack mode (using "d" here). Specify input and output interface. The "d" attack mode shouldn't really need two interfaces to be specified, but the module won't start mdk4 unless both are set, use wlan1mon for both. Using a blacklist = just make sure it's in the Mk7 file system somewhere and that it contains relevant MAC addresses for AP(s) to "attack". Add the path to the blacklist on the line in the module GUI. Specify channels to operate on. The Command line in the module GUI "grows" as parameters are set, for example a "full" line could look like: mdk4 wlan1mon wlan1mon d -b /root/mdk4_temp/blacklist.lst -c 1

Then hit "Start" and the "attack" should begin (the Output box at the bottom of the module page will update every 5 seconds). If running ps ax you can see that the mdk4 process has been started in the background.

Adding multiple MACs? Not sure, just try different variants. One on each line perhaps... or comma, or semicolon... The SSID list files on the MDK4 GitHub are specified with one SSID per line at least, so perhaps a hint on how to handle MACs as well.

Very well explained, thank you!

My Blacklist.txt only contains one MAC but the console output is very weird. Using bssid filtering (-e) the result looks better. Is this a bug?

BSSID isn't -e, is it?! For attack mode "d" it should be -B. What version of mdk4 are you running?

8 hours ago, chrizree said:

BSSID isn't -e, is it?! For attack mode "d" it should be -B. What version of mdk4 are you running?

I’m running MDK4.0 v1. mdk4 --help d says -e is valid for mode “d”.

  • 2 weeks later...
On 4/2/2021 at 10:55 AM, chrizree said:

-E, yes, but not -e and with -E you should use an ESSID, i.e. an AP name, not a MAC address

Look at this thread on how to "upgrade" mdk4 on the Mk7, it may help
https://forums.hak5.org/topic/54576-mdk4-on-mark-vii-from-terminal/

 

There is also the -S (see picture above). Do you know the difference between -B and -S?

I tried:

mdk4 wlan1mon wlan1mon d -E SenS

But it also throws away my iPhone connected to the Open Wifi of the MK7 and that SSID is "Amadore Guest" (not SenS with MAC 98:9B:CB:F0:39:0B)?

(I can see this because my PineAP is in advanced mode (for monitor mode) and has Client Connected and Disconnected notifications enabled.)

18 hours ago, chrizree said:

-S is in the help text of MDK4, it's for attacking a station

Thank you for your help. I updated my MDK4 on my MKVIII successfully. I also tried mdk4 wlan1mon wlan1mon d -S 00:00:00:00:00:00 (MAC of my AP) and it works perfectly.

From a noob point of view, can you explain the difference between -B (BSSID) and -S (Station)? Aren't both the same since they both are MAC?

I don't know what the developers of MDK use as reference, but most likely (based on "logic" about what the MDK syntax looks like when -S is used) they probably refer to "wireless clients" in the station perspective. STA (station) could really be an access point as well though in broader terms.

Things do not need to be the same just because they all have a MAC address. Everything that is a part of a network today has a MAC address (at least the things we normally interact with, there might be some other types of networks out there still though). Just study the OSI model to see the relation to other "components"/layers when it comes to networking.

Info about SSID/ESSID/BSSID can be found in several places, I would advise to base knowledge on known big "actors" in the field (or go for the standards/RFCs) that have relevant information available, such as...

https://www.juniper.net/documentation/en_US/junos-space-apps/network-director3.5/topics/concept/wireless-ssid-bssid-essid.html

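Added example (not part of any post in this thread, and not mdk4 or Hak5 code): the BSSID versus station question above comes down to which address field of an 802.11 frame holds what. This Python code parses deauthentication and disassociation frame headers, as seen in a monitor-mode capture of your own network, and counts them per BSSID and station; it assumes the radiotap header and FCS are already stripped, and the sample frames and MAC addresses are constructed.

```python
import struct
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBTYPES = {10: "disassoc", 12: "deauth"}  # 802.11 management subtypes

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_teardown(frame: bytes):
    """Parse a deauth/disassoc frame (assumes radiotap and FCS are stripped)."""
    if len(frame) < 26:          # 24-byte header + 2-byte reason code
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None
    # Management header: addr1 = destination, addr2 = source, addr3 = BSSID.
    dst, src, bssid = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    (reason,) = struct.unpack_from("<H", frame, 24)
    # The station is whichever end of the frame is not the AP's BSSID.
    station = dst if src == bssid else src
    return {"kind": SUBTYPES[subtype], "bssid": bssid, "station": station,
            "from_ap": src == bssid, "reason": reason}

def teardown_counts(frames):
    """Count teardown frames per (BSSID, station) pair."""
    counts = Counter()
    for f in frames:
        info = parse_teardown(f)
        if info:
            counts[(info["bssid"], info["station"])] += 1
    return counts

# Constructed sample frames (locally administered MACs, not from the thread).
AP, CLIENT = "02aaaaaaaa01", "02cccccccc01"
SAMPLE = [bytes.fromhex(h) for h in (
    "c0003a01" + CLIENT + AP + AP + "1000" + "0700",          # AP -> client deauth
    "c0003a01" + CLIENT + AP + AP + "2000" + "0700",          # same pair again
    "c0000000" + "ffffffffffff" + AP + AP + "3000" + "0700",  # AP -> broadcast
    "a0003a01" + AP + CLIENT + AP + "4000" + "0800",          # client -> AP disassoc
    "80000000" + "ffffffffffff" + AP + AP + "5000" + "0000",  # beacon header, ignored
)]

if __name__ == "__main__":
    for (bssid, sta), n in teardown_counts(SAMPLE).items():
        scope = "all clients" if sta == BROADCAST else sta
        print(f"BSSID {bssid} station {scope}: {n} frame(s)")
```

One BSSID (the AP's cell) shows up against several station values, including the broadcast address, which is why a frame that names only the BSSID affects every client on that AP.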
